GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 70
GitHub Actions: 52
Go: 3,967
Maven: 5,000+
npm: 5,000+
NuGet: 973
pip: 5,000+
Pub: 13
RubyGems: 1,064
Rust: 1,387
Swift: 56
Unreviewed advisories
All unreviewed: 5,000+
4,873 advisories
An input validation command execution vulnerability exists in the browser management pipeline of...
High
Unreviewed
CVE-2026-25623 was published Jun 5, 2026
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat...
High
Unreviewed
CVE-2026-25622 was published Jun 5, 2026
An encrypted password command injection vulnerability exists in the Captive Portal application...
High
Unreviewed
CVE-2026-25620 was published Jun 5, 2026
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management -...
High
Unreviewed
CVE-2026-25621 was published Jun 5, 2026
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a...
High
Unreviewed
CVE-2026-49492 was published Jun 5, 2026
Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
Critical
CVE-2026-47670 was published for dbgate-api (npm) Jun 5, 2026
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary...
High
Unreviewed
CVE-2026-50265 was published Jun 5, 2026
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset...
High
Unreviewed
CVE-2026-21837 was published Jun 5, 2026
The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is...
Critical
Unreviewed
CVE-2025-67447 was published Jun 4, 2026
An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain...
High
Unreviewed
CVE-2025-69755 was published Jun 4, 2026
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03...
Critical
Unreviewed
CVE-2026-35906 was published Jun 4, 2026
This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input...
High
Unreviewed
CVE-2026-45431 was published Jun 4, 2026
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An...
High
Unreviewed
CVE-2026-3820 was published Jun 4, 2026
Incoming VPN network profile settings fail to process special characters safely, enabling command...
High
Unreviewed
CVE-2026-50206 was published Jun 4, 2026
The system fails to evaluate instructional permissions over multiple internal operation codes ...
Critical
Unreviewed
CVE-2026-49190 was published Jun 4, 2026
ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(...
High
Unreviewed
CVE-2026-41010 was published Jun 4, 2026
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in...
Moderate
Unreviewed
CVE-2026-10805 was published Jun 4, 2026
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(),...
Critical
Unreviewed
CVE-2026-49185 was published Jun 4, 2026
PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, ...
High
Unreviewed
CVE-2026-41011 was published Jun 4, 2026
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas...
Critical
Unreviewed
CVE-2026-36576 was published Jun 3, 2026
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to...
High
Unreviewed
CVE-2026-47294 was published Jun 1, 2026
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
High
Unreviewed
CVE-2026-49366 was published May 29, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical
Unreviewed
CVE-2025-41274 was published May 29, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical
Unreviewed
CVE-2025-41276 was published May 29, 2026
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an...
Critical
Unreviewed
CVE-2025-41277 was published May 29, 2026
ProTip! Advisories are also available from the GraphQL API